ScriptCase suffers from a remote SQL injection vulnerability.
4fe9154183e38e1f46974c286be0812e23627649a00601a0488fd5721da7f3f7
#----------------------------------------------------------------------#
# #
# 1010101010101010101010101010101010101010101010101 #
# 0 __ _ __ 0 #
# 1 /'__`\ /' \/\ \ 1 #
# 0 /\_\ \ \ __ __ /\_, \ \ \ 0 #
# 1 \/_/_\_<_ /\ \ /\ \\/_/\ \ \ \ 1 #
# 0 /\ \ \ \\ \ \_/ / \ \ \ \ \____ 0 #
# 1 \ \____/ \ \___/ \ \_\ \_____\ 1 #
# 0 \/___/ \/__/ \/_/\/_____/ 0 #
# 1 1 #
# 0 >> Dr.3v1l 0 #
# 1 >> 0WebSecurity.IR 1 #
# 0 0 #
# 1 [+] E-Mail : B.Devils.B@gmail.com 1 #
# 0 [+] Y! : Teacher_3v1l 0 #
# 1 1 #
# 0 ########################################### 0 #
# 1 I'm 3v1l member from Black_Devils B0ys Team 1 #
# 0 ########################################### 0 #
# 1 1 #
# 0101010101010101010101010101010101010101010101010 #
# #
#----------------------------------------------------------------------#
# [~] Exploit Title : ScriptCase SQL Injection vulnerable #
# [~] Date : 2013 #
# [~] Author : Hossein Hezami ( Dr.3v1l ) #
# [~] Software : http://www.scriptcase.net #
# [~] Version : ALL Versions #
# [~] E-Mail : Teacher_3v1l@yahoo.com , B.Devils.B@gmail.com #
# [~] Site : 0WebSecurity.ir #
# [~] Tested on : Windows XP , Windows 7 , Windows 8 #
# [~] Google Dork : inurl:"/scelta_categoria.php?categoria=" #
#======================================================================#
# [+] SQL I Exploit : #
# #
# [Target]/[path]/scelta_categoria.php?categoria=[SQLi] #
# #
#----------------------------------------------------------------------#
# [+] Demo : #
# #
# http://www.grossetoannunci.it/scelta_categoria.php?categoria=14 #
# http://www.livorno-annunci.com/scelta_categoria.php?categoria=14 #
# #
#----------------------------------------------------------------------#
# [+] Note : #
# #
# This is a simple sql injection ;) #
# #
#----------------------------------------------------------------------#
# #
# [+] Contact Me : #
# #
# Teacher_3v1l@yahoo.com #
# Black_Devils.B0ys@yahoo.com #
# Teacher.3v1l@live.com #
# B.Devils.B@gmail.com #
# Twitter.com/Doctor_3v1l #
# IR.LinkedIN.com/IN/Hossein3v1l #
# #
#======================================================================#